das

vpn interface dot1x das—Configure dynamic authorization service (DAS) parameters for use with IEEE 802.1X authentication so that the router can accept change of authentication (CoA) requests from a RADIUS server (on vEdge routers only).

In DAS terminology, the vEdge router (the NAS) is the server and the RADIUS server (or other authentication server) is the client.

Command Hierarchy

Options

Password

secret-key password
Password that the RADIUS or other authentication server uses to access the vEdge router 802.1X interface.

Port Number

port port-number
UDP port number for the vEdge router to use to listen for CoA requests from the RADIUS server. If you configure DAS on multiple 802.1X interfaces on a vEdge router, you must configure each interface to use a different UDP port.
Range: 1 through 65535
Default: 3799

RADIUS Server IP Address

client ip-address
IP address of the RADIUS authentication server or other authentication server from which to accept CoA requests.

Timestamps

require-timestamp
Require the DAS client (which is the RADIUS or other authentication server) to include an event timestamp in all CoA messages. When timestamps are required, both the vEdge router and the RADIUS server check that the timestamp in the CoA request is current and within a specific time window (the default time window is 5 minutes). If it is not, the CoA request is discarded. Also, when timestamps are required, a CoA request received without a timestamp is discarded immediately. By default, timestamps are not required.

Time Window

time-window seconds
How long a CoA request is valid. The time window is applied to CoA requests only if you have configured require-timestamp. When you configure timestamps, both the vEdge router and the RADIUS server check that the timestamp in the CoA request is within the time window. If the timestamp is outside this window, the CoA request is discarded.
Range: 0 through 1000 seconds
Default: 300 seconds (5 minutes)

VPN

vpn vpn-id
VPN through which the RADIUS or other authentication server is reachable.
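
The checks that secret-key, require-timestamp and time-window describe, sketched from the receiving side as an added example (not Cisco's implementation and not from this page): it verifies the CoA-Request authenticator against the shared secret as RFC 5176 defines it, then applies the Event-Timestamp window. The function names, the constructed packets, and treating the window as symmetric around the receiver's clock are assumptions.

```python
import hashlib
import hmac
import struct

COA_REQUEST = 43      # RADIUS code, RFC 5176
EVENT_TIMESTAMP = 55  # attribute type, RFC 2869

def authenticator(code, ident, attrs, secret):
    # MD5(header + 16 zero octets + attributes + shared secret), RFC 5176
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def build_coa(ident, attrs, secret):
    # Constructed CoA-Request, standing in for what the DAS client sends
    auth = authenticator(COA_REQUEST, ident, attrs, secret)
    return struct.pack("!BBH", COA_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def event_timestamp(attrs):
    # Walk type-length-value attributes; None if absent or malformed
    i = 0
    while i + 2 <= len(attrs):
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            return None
        if atype == EVENT_TIMESTAMP and alen == 6:
            return struct.unpack("!I", attrs[i + 2:i + 6])[0]
        i += alen
    return None

def check_coa(packet, secret, now, require_timestamp=False, time_window=300):
    # Returns "accept" or the reason the request is discarded
    if len(packet) < 20:
        return "discard: short packet"
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or length != len(packet):
        return "discard: malformed"
    attrs = packet[20:]
    expected = authenticator(code, ident, attrs, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return "discard: bad authenticator"
    if require_timestamp:
        ts = event_timestamp(attrs)
        if ts is None:
            return "discard: no timestamp"
        if abs(now - ts) > time_window:
            return "discard: outside time window"
    return "accept"
```

With the defaults (timestamps not required), a captured CoA request with a valid authenticator passes this check no matter how old it is; enabling require-timestamp bounds that replay exposure to the configured window.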

Operational Commands

Example

Configure DAS with a network RADIUS server to allow the vEdge router to accept CoA requests from that server. This configuration requires timestamps in the CoA requests and extends the valid CoA window to 10 minutes.